LEGAL · PRIVACY
Privacy policy
We collect and process data needed to operate, secure, and improve SleeveFolio, including usage analytics and session analytics described below.
1. What we collect
Identity data from Auth.js (Google, GitHub, or email). Encrypted broker keys you supply. Trading state your strategies generate (orders, fills, positions, signals). Billing metadata from Stripe. Usage analytics (page views, feature events) and session analytics, which may include replay of in-app interactions; broker keys and other secrets are never sent to analytics providers.
2. Sub-processors
Stripe (billing), Resend (email), Vercel (hosting + analytics), Sentry (errors), Inngest (jobs), Google Analytics (usage analytics), Hotjar (session analytics + replay), Upstash (rate-limit state). Each receives only what their function requires.
3. Encryption + retention
Broker keys are AES-256-GCM encrypted at rest. Audit logs are partitioned per user and retained per tier: Free 30 days, Pro 7 years. Delete-account erases all your rows and revokes connected broker keys; the audit slice is archived for the tier retention window then hard-deleted.
4. Your rights
Export your audit log as JSONL from Settings. Delete your account any time (Settings → Account → Delete account, email type-to-confirm).
Effective upon your acceptance at account creation and your continued use of SleeveFolio.